The State of Rust in Malware Programming
PhD Research on Rust Binary Analysis and Malware Detection
Welcome
This site documents ongoing PhD research focused on the static and dynamic analysis of Rust binaries, particularly for malware reverse engineering. The goal is to advance open methodologies, tooling, and datasets that help the security community understand, detect, and analyze Rust-based threats.
Quick Links
- Documentation
- Analysis
- Datasets
- Tools
Research Focus
This project investigates the characteristic features of Rust binaries, exploring:
- Monomorphisation and generic code expansion
- Trait objects and vtable structures
- Name mangling and symbol analysis
- Compilation pipeline impact on detection
- Zero-cost abstractions in binary form
Key Features
- Comprehensive Binary Analysis - In-depth exploration of Rust compiler output
- Detection Frameworks - Scalable frameworks for automated Rust malware detection
- Open Datasets - Curated collections of benign and malicious Rust binaries
- Tool Integration - Support for IDA Pro, Ghidra, Binary Ninja, and more
- Academic Research - Ongoing PhD research with methodology documentation
Getting Started
1. Install Rust and Tools
# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Add cross-compilation targets
rustup target add x86_64-pc-windows-msvc
rustup target add i686-pc-windows-msvc
See the Installation Guide for detailed instructions.
2. Build Sample Projects
# Clone the repository
git clone https://github.com/Yen-Coder/The-State-of-Rust-in-Malware-Programming.git
cd The-State-of-Rust-in-Malware-Programming
# Build a sample project
cd docs/01-Rust-Binary-Analysis/01-basic_pl_concepts
cargo build --release
See Building Rust Samples for more options.
3. Analyse Binaries
Explore the compiled binaries in datasets/Benign-Samples/ using your favorite reverse engineering tools.
Project Structure
The-State-of-Rust-in-Malware-Programming/
├── src/                          # Detection framework & analysis tools
├── docs/                         # Documentation & research samples
│   ├── wiki/                     # Comprehensive wiki
│   └── 01-Rust-Binary-Analysis/
├── datasets/                     # Compiled binary samples
├── tools/                        # IDA/Ghidra scripts & utilities
└── README.md                     # Project overview
See Project Structure for detailed organisation.
Recent Updates
- Comprehensive wiki documentation added
- Aggressive optimisation configurations
- x86 and x86-64 cross-compilation samples
- Basic programming language concepts analysis
Research Methodology
This research follows a systematic approach:
- Sample Generation - Create diverse Rust code samples
- Compilation - Build with various toolchains and optimisations
- Static Analysis - Analyse binaries with RE tools
- Dynamic Analysis - Runtime behavior observation
- Pattern Extraction - Identify Rust-specific signatures
- Detection Development - Build automated detection frameworks
Contributing
This is an active PhD research project. Contributions, feedback, and collaboration are welcome!
Resources
Documentation
- Wiki Home - Comprehensive documentation
- Rust Binary Analysis - Technical deep dive
- FAQ - Common questions
External Resources
- rust-re-tour - Rust RE exploration
- Checkpoint Research - Rust binary analysis guide
- "Reconstructing Rust Types" - RE//verse 2025: https://github.com/cxiao/reconstructing-rust-types-talk-re-verse-2025
- "Reversing Rust Binaries: One Step Beyond Strings" - REcon 2024: https://github.com/cxiao/rust-reversing-workshop-recon-2024
License
See the LICENSE file for details.
Contact
- GitHub: Yen-Coder
- Repository: The-State-of-Rust-in-Malware-Programming
- Issues: GitHub Issues
Advancing Rust Malware Analysis Research
PhD Research Project - Actively Maintained